‹ Back to all roles

Lead Security, Privacy and Data Protection Architect- i.AI

UK Government - Department for Science, Innovation & Technology

AI GovernanceleadLondon, ENG, GBonsiteparttime, fulltimesecurity architectureprivacy by designdata protectionAI governanceincident responsedata minimizationaccess controlsDPIAposted
Unlock apply linkApply links and the original listing are a Pro feature — £4.99/mo or £25 once.
Details ----------- Reference number 469313 Salary £74,605 - £90,756 Salary is paid within the grade range shown below. As this is a GDAD role, the maximum salary includes a non-pensionable technical allowance, and successful candidates will be appointed somewhere within that range depending on assessment. London: £74,605 - £82,860 + potential GDAD non pensionable technical allowance of up to £16,151. Total compensation up to £90,756 inclusive. A Civil Service Pension with an employer contribution of 28.97% GBP Job grade Grade 6### Contract type Fixed term Loan### Length of employment 12 Months### Business area DSIT - Digital, Technologies and Telecoms### Type of role Other### Working pattern Flexible working, Full-time, Job share, Part-time### Number of jobs available 1 Contents ------------ * Location * About the job * Benefits * Things you need to know * Apply and further information Location ------------ LondonAbout the job ----------------- Job summary About the Incubator for AI (i.AI) The Incubator for AI (i.AI) is a fast moving, autonomous technical unit within the UK government. Our mission is to pioneer transformative applications of AI to build a better Britain. We operate under three core principles: Talent: We bring together the UK’s best AI talent across a range of functions. You will work alongside exceptional researchers and top government leaders, staying at the cutting edge of technology. Innovation: We set precedents for what is possible in government. We combine the pace of a start-up with the influence of being at the digital centre of government. You will test new ideas, expand what is possible, and leverage unique government data to create novel solutions. Impact: We are dedicated to using AI as a tool for public good - this can mean improving outcomes in schools, boosting housebuilding or providing more personalised support for those in need. With the backing of the Prime Minister, you will turn technical breakthroughs into real-world applications that affect millions of citizens. Job description About the job This is a rare opportunity to shape the security, privacy and trust foundations of one of government’s most ambitious AI-enabled services. Gov Voice is building a reusable AI voice capability that will transform how people access government services by phone. For millions of people, contact centres are one of the most important and highest-volume ways they interact with government. We’re creating a service that can make those interactions simpler, faster and easier to navigate — while meeting the highest standards of security, privacy and public trust. This is not innovation for its own sake. We’re building a real service for real users in a high-trust, high-scrutiny environment. That means designing security, privacy and data protection into the service from the outset, and ensuring they remain central as the platform grows across government. This role is central to that mission. It combines hands-on security architecture and engineering with leadership on privacy and data protection in the context of an AI-enabled public service. If you’re motivated by solving hard problems, shaping trusted AI in government, and building services that could improve how millions of people experience government, this is an opportunity to make a genuine impact. Who we are Gov Voice is part of the Department of Science, Innovation and Technology (DSIT), which is working to make digital government simpler, clearer and faster for everyone. We are a multidisciplinary team bringing together product, delivery, AI, policy, operations, service design, security and data expertise to turn emerging technology into practical public services. We’re not building prototypes for the sake of it — we’re building something real, reusable and trusted that departments across government can adopt with confidence. This is the kind of project that comes along rarely: frontier technology, real-world delivery, meaningful public impact, and complex problems worth solving. We’re looking for people who want to help define what secure, privacy-conscious and trustworthy AI in government looks like. What you will do The Lead Security, Privacy and Data Protection Architect will be accountable for the security architecture, privacy architecture and data protection design of a government service. This is not solely a cyber security architecture role: it requires someone who can bring together secure by design, privacy by design and data protection by design in the delivery of an AI-enabled public service. Initially, the role will be hands-on and operational. You will help harden the platform against security risks, support monitoring and threat detection, respond to incidents, and build a more systematic approach to security, privacy and data protection assurance. As the service scales, you will define and lead security, privacy and data protection architecture and controls across departments and ALBs using the service, acting as a senior authority in this space. As a Lead Security, Privacy and Data Protection Architect, you will: Shape strategy and influence across government * Build effective relationships with senior stakeholders across departments and ALBs, while engaging with wider cross-government security, privacy and data communities * Communicate and translate technical security, privacy and data protection risks to both technical and non-technical stakeholders * Reach and influence a wide range of people across larger teams, programmes and communities * Own the relationship between DSIT, GDS, adopters and the Information Commissioner’s Office to support best practice in privacy and data protection * Design secure, privacy-conscious architecture * Lead the architecture for the platform, ensuring security by design, privacy by design and data protection by design are embedded throughout the service lifecycle * Research and apply innovative architecture solutions to new or existing problems, and clearly justify and communicate design decisions * Develop vision, principles and strategy for security, privacy and data protection architecture across a project or technology area * Analyse technical solutions and produce architectural patterns that support assurance, quality and scalability * Assess risks relating to AI, integrations, infrastructure, identity, and personal data flows * Define and assure appropriate controls for voice data, transcripts, logs, model inputs and outputs, retention, deletion, auditability and access management * Lead the technical design and implementation of controls around the user-focused platform * Lead on privacy and data protection * Provide expert leadership on privacy and data protection in the design and operation of the service * Ensure the platform meets legal obligations and user expectations for privacy and data protection * Assess and advise on personal data processing, minimisation, retention, deletion, access controls, auditability and data sharing across the platform and adopter integrations * Support or lead Data Protection Impact Assessments (DPIAs), privacy risk assessments and mitigation planning, ensuring outcomes are reflected in technical and operational controls * Work closely with legal, policy, delivery, platform and operations teams to ensure personal data is handled appropriately and lawfully * Drive operational security and assurance * Work with platform and operations teams to secure early deployments * Provide expert input into security incidents, remediation activity and areas for change, while advising on best practice across government * Perform reactive security monitoring and incident support * Respond to alerts and challenges, support investigations, and provide feedback that shapes policy and requirements * Assist with vulnerability triage and remediation tracking * As the service scales, you will also: * Own security, privacy and data protection architecture and strategic frameworks across multiple departments and ALBs * Define advanced controls, monitoring approaches and defence-in-depth patterns * Establish cross-government approaches to privacy assurance, data sharing, retention, accountability and governance * Support continuous assurance in increasingly complex threat and operating environments * Act as a senior security, privacy and data protection authority for the government service Person specification Person Specification Essential experience We’re interested in people who have: * Experience designing and implementing security architecture in a complex organisation, and applying it at both technical and operational levels * Experience embedding privacy by design and data protection by design into architecture, engineering and service delivery * Strong understanding of the specific security and privacy issues presented by generative AI, and the ability to stay current with emerging best practice in this area * Experience applying cyber security principles, including understanding of infrastructure security, information security, penetration testing, vulnerability management, and mitigating common cyber threats (e.g. DDoS attacks). * Experience understanding, interpreting and applying legal obligations, policies and regulations such as UK GDPR, the Data Protection Act 2018, and other applicable data protection requirements in the design and operation of digital services * Experience identifying and managing privacy and data protection risks in complex systems, including AI-enabled services, third-party integrations and cross-organisational data sharing * Experience leading, contributing to, or advising on Data Protection Impact Assessments (DPIAs) or similar privacy risk assessments, and translating findings into technical or operational controls * Experience analysing and advising on personal data handling, including data flows, minimisation, retention, deletion, access controls, auditability and sharing arrangements * Experience designing, identifying and implementing new technologies within an organisation * Experience prioritising work, working under pressure, and dealing with changing priorities and ambiguity * Experience translating technical security, privacy, data protection or system architecture details and risks to non-technical stakeholders, both verbally and in writing * Experience leading and managing colleagues across multiple disciplines, and escalating concerns within a workstream, team or programme where appropriate * Experience responding to security incidents and working within incident or risk management frameworks * Experience interpreting, explaining and reviewing system architectures * Experience identifying and analysing technical platform vulnerabilities * Experience working with Agile practices and processes * If you meet some of these criteria, but not every single one, we’d still encourage you to apply. Technical skills We'll assess you against these technical skills during the selection process: * Candidates will be asked a scenario question by the panel and should be expected to respond to follow-up questions. Further details will be provided in advance, including the opportunity for candidates to prepare for the technical interview. Benefits ------------ Alongside your salary of £74,605, Department for Science, Innovation \& Technology contributes £21,613 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides . The Department for Science, Innovation and Technology offers a competitive mix of benefits including: * A culture of flexible working, such as job sharing, homeworking and compressed hours. * Automatic enrolment into the Civil Service Pension Scheme, with an employer contribution of 28.97%. * A minimum of 25 days of paid annual leave, increasing by 1 day per year up to a maximum of 30. * An extensive range of learning \& professional development opportunities, which all staff are actively encouraged to pursue. * Access to a range of retail, travel and lifestyle employee discounts. Office attendance The Department operates a discretionary hybrid working policy, which provides for a combination of working hours from your place of work and from your home in the UK. The current expectation for staff is to attend the office or non-home based location for 40-60% of the time over the accounting period. Things you need to know --------------------------- Artificial intelligence Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.### Selection process details This vacancy is using Success Profiles , and will assess your Experience and Technical skills. Candidates will be required to submit a CV and responses to two application questions. Further details around what this will entail are listed on the application form. Applications will be sifted against the essential criteria, including relevant experience and motivation for the role. Shortlisted candidates will be invited to a preliminary call. Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview. Those who progress will then attend an interview, which will include questions on their application, a technical assessment, and a behavioural interview. For the technical assessment, candidates will be asked a scenario question by the panel and should be expected to respond to follow-up questions. Further details will be provided in advance, including the opportunity for candidates to prepare for the technical interview. Candidates may use AI tools to support this preparation. Appointment is conditional on successfully completing UK Government SC clearance. Prior clearance is not required — we will sponsor and support you. You should normally have been resident in the UK for 2 of the past 5 years. Employment is conditional on obtaining and maintaining the required clearance(s). Due to the nature of this role, we are advertising this vacancy in London only. Sift and interview dates Sift and interview dates to be confirmed. Further Information Reasonable Adjustment We are proud to be a disability confident leader and we welcome applications from disabled candidates and candidates with long-term conditions. Information about the Disability Confident Scheme (DCS) and some examples of adjustments that we offer to disabled candidates and candidates with long-term health conditions during our recruitment process can be found in our DSIT Candidate Guidance. A DSIT Plain Text Version of the guidance is also available. We encourage candidates to discuss their adjustment needs by emailing the job contact which can be found under the contact point for applicants section. If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section. If successful and transferring from another Government Department a criminal record check may be carried out. New entrants are expected to join on the minimum of the pay band. A location based reserve list of successful candidates will be kept for 12 months. Should another role become available within that period you may be offered this position. Candidates who meet the minimum benchmark may be placed on a Reserve List for consideration for similar roles, including those at a lower grade. Candidates who narrowly miss the benchmark and are not placed on the Reserve List may still be considered for an offer in a similar role at a lower grade. Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you. Any move to the Department for Science, Innovation and Technology from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare; for further information visit the Childcare Choices website. DSIT does not normally offer full home working (i.e. working at home); but we do offer a variety of flexible working options (including occasionally working from home). DSIT cannot offer Visa sponsorship to candidates through this campaign. DSIT holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify. In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading. Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government. Feedback Feedback will only be provided if you attend an interview or assessment.### Security Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check . See our vetting charter . People working with government assets must complete baseline personnel security standard (opens in new window) checks.### Nationality requirements This job is broadly open to the following groups: * UK nationals * nationals of the Republic of Ireland * nationals of Commonwealth countries who have the right to work in the UK * nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) * nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS) * individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020 * Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service Further information on nationality requirements Working for the Civil Service The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles . The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.### Diversity and Inclusion The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy .Apply and further information --------------------------------- This vacancy is part of the Great Place to Work for Veterans initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.### Contact point for applicants Job contact : * Name : Ben Sams * Email : ben.sams@dsit.gov.uk Recruitment team * Email : ben.sams@dsit.gov.uk Further information Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. If you feel that your application has not been treated in accordance with the recruitment principles, and wish to make a complaint, then you should contact in the first instance DSITrecruitment.grs@cabinetoffice.gov.uk . If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Click here to visit Civil Service Commission/Complaints.